Livemesh Addons For Elementor
Monthly
Stored cross-site scripting (XSS) in Livemesh Addons for Elementor through version 9.0 allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of administrators and other site visitors. The vulnerability stems from improper input sanitization during web page generation, enabling attackers to persistently compromise site functionality and steal administrative credentials or session tokens. CVSS 6.5 reflects moderate severity; EPSS 0.03% indicates very low real-world exploitation probability, suggesting this requires specific user interaction and authenticated access to exploit effectively.
Stored cross-site scripting (XSS) in Livemesh Addons for Elementor through version 9.0 allows authenticated users with limited privileges to inject malicious scripts that execute in the browsers of administrators and other site visitors. The vulnerability stems from improper input sanitization during web page generation, enabling attackers to persistently compromise site functionality and steal administrative credentials or session tokens. CVSS 6.5 reflects moderate severity; EPSS 0.03% indicates very low real-world exploitation probability, suggesting this requires specific user interaction and authenticated access to exploit effectively.